CN112965926B - SPI interface safety chip and SPI interface electronic device - Google Patents
SPI interface safety chip and SPI interface electronic device Download PDFInfo
- Publication number
- CN112965926B CN112965926B CN202110244211.XA CN202110244211A CN112965926B CN 112965926 B CN112965926 B CN 112965926B CN 202110244211 A CN202110244211 A CN 202110244211A CN 112965926 B CN112965926 B CN 112965926B
- Authority
- CN
- China
- Prior art keywords
- spi
- interface
- chip
- module
- spi interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004806 packaging method and process Methods 0.000 claims abstract description 9
- 238000004891 communication Methods 0.000 claims description 67
- 230000006870 function Effects 0.000 claims description 27
- 238000005070 sampling Methods 0.000 claims description 10
- 230000000630 rising effect Effects 0.000 claims description 8
- 239000002131 composite material Substances 0.000 claims description 6
- 238000000034 method Methods 0.000 abstract description 9
- 230000000977 initiatory effect Effects 0.000 abstract 1
- 238000007789 sealing Methods 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 24
- 230000005540 biological transmission Effects 0.000 description 10
- 230000009466 transformation Effects 0.000 description 4
- 238000012546 transfer Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 241000764238 Isis Species 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 108010079923 lambda Spi-1 Proteins 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/40—Bus structure
- G06F13/4063—Device-to-bus coupling
- G06F13/4068—Electrical coupling
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
- G06F13/4295—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus using an embedded synchronisation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses an SPI interface safety chip and an SPI interface electronic device, wherein the safety chip supports an SPI slave interface, an SPI chip selection input port can be in time-sharing gating or vacant with one or more other output ports of the safety chip, and a gating path is controlled by an internal logic state. The secure SPI interface electronic device refers to SPI equipment with a password service function. The SPI interface safety chip disclosed by the application is sealed with common SPI equipment by an SIP (session initiation protocol) packaging mode. The sealing and wire bonding method comprises the following steps: SPI interface signals of the safety chip are all led out to corresponding pins, SPI clock signals and data signals of common SPI equipment are also led out to corresponding pins, SPI chip selection signals of the common SPI interface electronic device are not led out to corresponding pins of the chip, and are connected with output ports corresponding to the safety chip and controlled by the safety chip. The safety chip with the circuit structure can simplify the safety upgrade of the common electronic device and obviously reduce the upgrade cost.
Description
Technical Field
The embodiment of the application relates to the technical field of data encryption and sensitive information protection of electronic devices, in particular to an SPI interface safety chip, a safety SPI flash memory electronic device with the safety chip and a safety SPI interface composite electronic device.
Background
At present, various electronic devices are distributed in an informationized network, and all the electronic devices face the situation of realizing security improvement by adding a password module. The addition of the cryptographic module in the electronic device is a main method for secure upgrade, and in the prior art, the connection mode between the cryptographic module and the main control unit is various, such as usb interface, spi control interface, iic interface, uart, isis interface, 7816, and even high-speed pc ie, sata, etc.
However, the above method for adding a cryptographic module to an electronic device to achieve secure upgrade of the electronic device generally has some practical problems, for example, because the connection mode between the main control chip and the SPI interface device is fixed and unique, when secure upgrade is required, the PCB printed circuit must be redesigned to provide additional related circuit access of the cryptographic module, and when the main control chip has no redundant interface, the main control chip needs to be replaced, which not only results in a large amount of secure upgrade engineering, but also greatly increases upgrade cost.
Taking a secure SPI flash electronic device as an example, an existing electronic device is generally directly connected to each interface of the SPI by a common SPI flash, if the electronic device is to be securely upgraded, it is necessary to use an external cryptographic module of an extra interface, and when no other interface exists, it is necessary to redesign a circuit board, which obviously occupies a large amount of workload and upgrade cost.
Disclosure of Invention
The application provides an SPI interface safety chip and an SPI interface electronic device, which can realize the safety upgrade of a common electronic device very simply and conveniently by utilizing the safety chip with the circuit structure, and has very little influence on the circuit of the existing electronic device.
In a first aspect, the present application provides an SPI interface security chip, comprising:
The SPI slave interfaces comprise SPI chip selection signal input ports;
a signal gating control circuit connected with any SPI slave interface; the signal gating control circuit is provided with one or more output ports;
The chip selection signal gating logic is connected with the signal gating control circuit and is configured to control the signal gating control circuit to gate to a corresponding output port in a time-sharing manner according to an instruction input by the SPI from an interface or a preset instruction;
and the password service function module is configured to provide password service from the interface to the outside through the SPI.
In some embodiments, the SPI slave interface supports any one or more combinations of 1/2/4/8 data lines.
In some embodiments, the SPI slave interface supports at least one of clock rising edge sampling and falling edge sampling.
In some embodiments, the security chip further comprises:
an auxiliary communication interface, the auxiliary communication interface being at least one of usb, uart, iic, gpio, 7816, SWP, 1Wire, configured to provide data exchange functionality for the security chip.
In some embodiments, the security chip further comprises:
an auxiliary function port configured to provide power, ground, clock services.
In some embodiments, the cryptographic service function module includes:
One or more of a CPU, an algorithm coprocessor, an internal memory, a guard sensor, a noise source, a power management module, a clock generation circuit, and a power-on reset circuit.
For the electronic device with the shortage of communication interface resources, the application can realize safe upgrade by taking over the prior SPI interface with the safety chip under the condition of not replacing the main control chip, provides the password service function, and can expand a plurality of SPI devices and time-division multiplex SPI interface communication.
In a second aspect, the present application provides a secure SPI flash electronic device, comprising:
A common SPI flash memory;
according to the security chip of the first aspect of the application, the security chip and the common SPI flash memory are sealed in a packaging mode;
The SPI communication interface comprises a clock port, a data port and a chip selection signal port; the security chip and the common SPI flash memory respectively share a clock port and a data port; the chip selection signal port is connected with the security chip;
The output end of the security chip is connected to the chip selection signal input end of the common SPI flash memory; the security chip is configured to determine whether to access the chip select signal to the normal SPI flash memory according to the input command.
In a third aspect, the present application further provides a secure SPI interface composite electronic device, including:
One or any combination of a common SPI flash memory, an SPI Wifi communication module, an SPI Bluetooth communication module, an SPI fingerprint module, an SPI touch module, an SPI real-time clock module, an SPI display control module, an SPI battery management module and an SPI A/D converter;
according to the security chip disclosed by the first aspect of the application, the security chip is sealed with one or any combination of the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter in a packaging mode;
the SPI communication interface comprises a clock port, a data port and a chip selection signal port; the SPI interface comprises a security chip, a common SPI flash memory, an SPI interface Wifi communication module, an SPI interface Bluetooth communication module, an SPI interface fingerprint module, an SPI interface touch module, an SPI interface real-time clock module, an SPI interface display control module, an SPI interface battery management module and an SPI interface A/D converter, wherein any one of the security chip, the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter shares a clock port and a data port; the chip selection signal port is connected with the security chip;
The output end of the security chip is connected to the chip selection signal input end of any one of the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter; the security chip is configured to judge whether to access the chip selection signal to the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter according to the input command.
Under the condition that the PCB printed circuit board is not changed, the conventional electronic device can realize the safety upgrade by only replacing the common SPI interface equipment with the safety SPI flash memory electronic device or the safety SPI interface composite electronic device. The method has the advantages of simple and easy safe transformation, controllable cost and excellent performance of the traditional electronic device, provides powerful support for the safe transformation of the electronic device and promotes industrial development.
Drawings
FIG. 1 is a schematic diagram of a common SPI bus signal connection;
FIG. 2 is a schematic diagram of an extended SPI bus signal connection;
FIG. 3 is a schematic diagram of data transmission after SPI interface is enabled;
FIG. 4 is a schematic diagram of the timing of the data on the clock rising edge sampling data line by the receiving side;
FIG. 5 is a schematic diagram of the timing of the data on the clock falling edge sampling data line by the receiver;
FIG. 6 is a schematic diagram of the timing of data sampling on the data line by the receiving side on both the rising and falling clock edges;
FIG. 7 is a graph of a 2-wire SPI interface as a function of MSB transmission mode signal line and data bits;
FIG. 8 is a graph of 4-wire SPI interface as a function of MSB transmission mode signal line and data bits;
FIG. 9 is a graph of 8-wire SPI interface as a function of MSB transmission mode signal line and data bits;
FIG. 10 is a schematic diagram of an SPI interface security chip according to the present application;
FIG. 11 is a logic diagram of the follow-up of the output signal and the chip select signal after the chip select signal path is gated;
FIG. 12 is a diagram showing a connection mode between a master control chip and SPI slave devices in a general electronic device;
FIG. 13 is a diagram showing an example of an application of the security chip shown in FIG. 10 in one embodiment;
FIG. 14 is a timing diagram illustrating one embodiment of a multiple group command implementation strobe path switch command according to the present application;
FIG. 15 is a schematic diagram of a security SPI flash electronic device according to the present application;
FIG. 16 is a diagram illustrating internal state transitions of the electronic device of FIG. 15 in one application;
fig. 17 is a schematic structural diagram of a security SPI interface composite electronic device according to the present application.
Detailed Description
The invention will be further described with reference to the accompanying drawings and detailed description below:
It should be noted that SPI is an abbreviation of serial peripheral interface (SERIAL PERIPHERAL INTERFACE), which is a synchronous serial interface technology proposed by Motorola corporation, and includes signal lines such as SCK (clock), CSn (chip select), MISO (master in and slave out data line), MOSI (master in and slave in data line), etc., which is a full duplex, synchronous communication bus, and is also called SPI 1 line mode.
As shown in fig. 1, a signal connection schematic diagram of a common SPI bus is shown;
When data is transmitted, the SPI master device and the SPI slave device can adopt a form in the figure, wherein a clock signal SCK is from the SPI master device and is unidirectional, and is a time sequence reference source of chip selection and data signals; chip select signal CS, from the SPI master, unidirectional. The SPI master may have multiple CS's, with one chip select CS signal corresponding to one slave device. And when the chip selection is enabled, the corresponding slave device is selected by the master device. The data line MOSI is used to transfer data from the master device in one direction. The data line MISO is used to transfer data from the slave device, unidirectional. The bus is full duplex, the master device receives data from the slave device while transmitting data, and the master device receives data from the slave device while transmitting data.
The SPI interface provided in the embodiment of the application is in a bus form formed by adding data lines on the basis of a standard SPI, the communication mode is changed from full duplex to half duplex, and the data lines are selectable by 2/4/8 lines. When 2-wire, 4-wire and 8-wire modes are selected for communication, the data transmission capacity is greatly improved, so that in practical application, the SPI interface supports 1/2/4/8 data wires according to practical requirements, and any one or any combination of a plurality of data wires can be adopted.
In addition, in the aspect of hardware configuration for realizing SPI function, at present, all electronic devices with certain requirements on performance are required to have higher main frequency and data processing capability of a main control unit, and the main control unit is matched with the performance, and basically supports a read-write interface of a high-speed SPI program memory so as to quickly read instruction codes; the clock frequency of the SPI program read-write interface can be up to more than 100 MHz.
Correspondingly, in the SPI bus signal connection schematic diagram shown in fig. 2, there are a plurality of SPI slaves at this time, and each chip select CS signal corresponds to one slave; the clock signal SCK is from a multi-channel SPI master device, unidirectional and is a time sequence reference source of chip selection and data signals; chip select signal CS, from the SPI master, unidirectional. The SPI master may have multiple CS's, with one chip select CS signal corresponding to one slave device. And when the chip selection is enabled, the corresponding slave device is gated by the master device. The data line MOSI/D0 is used for transmitting data in two directions. The data line MISO/D1 is used for transmitting data in two directions. The data lines D2-D7 are all used for transmitting data in both directions. The bus is half duplex, the data lines are in the same direction during each communication, and the specific direction is decided by negotiation of the master and slave parties.
When 2/4/8 line data line communication is employed, the relationship between the data lines and the transmitted data bits is as shown in fig. 7, 8 and 9, respectively.
Further, to improve data transfer efficiency, in some embodiments, the SPI interface supports one or both of clock rising edge sampling and falling edge sampling. Fig. 3 is a schematic diagram of data transmission after the SPI interface is enabled.
Specifically, as shown in fig. 4, the timing diagram of the data on the data line is sampled by the receiving side at the rising clock edge, where the transmitted data must be stable before the rising clock edge; wherein the recipient may be either a master or a slave.
Also, as shown in fig. 5, a timing diagram of the data on the data line is sampled by the receiving side at the falling edge of the clock, where the transmitted data must be stable before the falling edge of the clock arrives;
It is also possible to sample the timing of the data on the data line for both the rising and falling clock edges for the receiving side as shown in fig. 6, which requires that the transmitted data must be stable before any one clock edge arrives. The double-edge sampling can effectively improve the data transmission efficiency, and the data transmission efficiency is doubled under the condition of the same clock frequency.
In this embodiment, a common SPI flash memory (SPI flash memory) is a flash memory using an SPI as a communication interface, and has the characteristics of small interface signals, small chip area, compatibility of different capacity commands, and the like, and is widely used in existing electronic devices, and is mainly used for storing information such as control programs and data. SPI flash memory currently generally supports one or more of 1/2/4/8 line data communication modes. Flash memory (flash) is also classified into Norflash and Nandflash.
Example 1
Referring to fig. 10, a schematic structural diagram of an SPI interface security chip according to the present application;
as can be seen from fig. 10, the embodiment of the present application provides an SPI interface security chip, comprising:
At least one SPI slave interface 100, said SPI slave interface 100 comprising an SPI chip select signal input port;
A signal gating control circuit 500 connected to any one of the SPI slave interfaces 100; the signal gating control circuit 500 is provided with one or more output ports 300; the signal gating control circuit 500 is responsible for realizing SPI chip selection signal gating, the chip selection signal 101 input by the SPI from the interface 100 can be gated with other multiple output port signals 301/302/303 of the chip in a time-sharing manner, once gating with a certain output port, the logic signal of the gated output port keeps real-time following with the input chip selection signal, and the logic values of the two keep consistent; in addition, the SPI slave interface can also keep an idle state, namely is not gated with any output port, only the security chip can communicate at the moment, and other devices are in a non-gating state, so that the SPI interface data line is ensured not to collide. The signal following timing diagram is shown in fig. 11.
The strobe path may be switched between multiple output port signals, with the particular strobe path being determined by the state of the control logic 400 within the chip, which may be set by commands sent through the chip communication interface, or may be switched in a preset sequence. The chip select signal gating logic 400 is connected to the signal gating control circuit 500, and is configured to control the signal gating control circuit 500 to gate to the corresponding output port 300 in a time-sharing manner according to an instruction input from the interface 100 by the SPI or a preset instruction.
The cryptographic services function 600 is configured to provide cryptographic services from the interface 100 to the outside through the SPI. The power-on reset circuit is not limited to a CPU, an algorithm coprocessor, an internal memory, a protection sensor, a noise source, a power management module, a clock generation circuit and a power-on reset circuit; these modules may constitute one SOC chip. The security chip can provide password service to the outside through the SPI interface or other communication interfaces.
Furthermore, in some embodiments, the security chip further comprises:
An auxiliary communication interface 200, wherein the auxiliary communication interface 200 is at least one of usb, uart, iic, gpio, 7816, SWP, and 1Wire, and is configured to provide a data exchange function for the security chip.
The auxiliary function port 700 may be a port providing a power supply, a ground, a clock, and the like.
According to the technical scheme, the security chip can be used for realizing time sharing and sharing of SPI interface buses between the security chip and a plurality of SPI interface devices, and under the condition that SPI interface resources are not increased, a password module can be increased, and the SPI slave equipment can be expanded. Specifically, the method of using the security chip is described as shown in fig. 12:
The SPI interface connection mode of the common electronic device is similar to that shown in fig. 12, and the security chip is used for carrying out security upgrading on the electronic device, and the connection mode is shown in fig. 13 when the electronic device is used. The chip selection signals of all SPI interface electronic devices are taken over by the security chip 10, the clock signal and data signal lines of the original SPI interface device 1 and the main control chip 20 keep the original connection relation, and simultaneously SPI interface devices 2 and 3 can be added; the security chip 10 is powered on to default gate a single SPI chip select signal or to gate the security chip itself. At this time, the main control chip 20 of the electronic device can perform data interaction with the default gating SPI device, so as to realize access to the default SPI device; meanwhile, the security chip 10 monitors data transmitted on the SPI bus and analyzes whether the data belongs to a channel switching command.
If the security chip 10 monitors the gating path switching command (or according to a preset rule), the internal state is changed according to the switching command intention, and the SPI chip selection input signal is in signal communication with the corresponding output port, so as to gate the corresponding path. At this time, the electronic device main control chip 20 establishes new communication with the gated SPI device, and can access the gated SPI device; the security chip 10 keeps listening for SPI interface data but does not send data onto the SPI data bus.
If the security chip 10 receives a related command to close other paths (or according to a preset rule), the internal state is changed to enable chip selection signals of other SPI components to be in a disabled state, and at this time, a data communication channel is established between the security chip 10 and the main control chip 20, and the security chip 10 can serve as a cryptographic module to provide cryptographic services for the electronic device.
The electronic device sends related instructions according to the need (or according to a preset sequence), switches between the security chip 10 and a plurality of SPI components at any time, and time-sharing multiplexes the SPI bus to realize access to different components.
To avoid false recognition of SPI communication data as a switch command, the command length may be increased appropriately or implemented by a concatenation of consecutive sets of commands. A specific example diagram is shown in fig. 14.
According to the technical scheme, the application provides an SPI interface safety chip, which comprises at least one SPI slave interface, wherein the SPI slave interface comprises an SPI chip selection signal input port; a signal gating control circuit connected with any SPI slave interface; the signal gating control circuit is provided with one or more output ports; the chip selection signal gating logic is connected with the signal gating control circuit and is configured to control the signal gating control circuit to gate to a corresponding output port in a time-sharing manner according to an instruction input by the SPI from an interface or a preset instruction; and the password service function module is configured to provide password service from the interface to the outside through the SPI. According to the security chip provided by the application, under the condition that the main control chip is not replaced, the security chip can be used for realizing security upgrading by only taking over the existing SPI interface, the password service function is provided, meanwhile, a plurality of SPI devices can be expanded, the SPI interface communication is multiplexed in a time-sharing way, and the cost of security upgrading is greatly reduced.
Example two
Referring to fig. 15, a schematic structural diagram of a secure SPI flash electronic device according to the present application is shown;
As can be seen from fig. 15, the present application further provides a secure SPI flash electronic device corresponding to the secure chip, the electronic device comprising:
a normal SPI flash memory 30;
The secure chip 10 provided in the foregoing embodiment, the secure chip 10 and the common SPI flash 30 are sealed in a packaging manner;
An SPI communication interface comprising a clock port 41, a data port 42, and a chip select signal port 43; the secure chip 10 and the common SPI flash 30 share a clock port 41 and a data port 42, respectively; the chip select signal port 43 is connected with the security chip 10;
The output end of the security chip 10 is connected to the chip selection signal input end of the common SPI flash memory 30; the security chip 10 is configured to determine whether to access the chip select signal to the normal SPI flash 30 according to the inputted command.
The secure SPI flash memory is an SPI flash memory with a password service function. When the device realizes the operation of the safe SPI flash memory, the SPI communication interface signal of the device is consistent with that of the common flash memory. The safe SPI flash memory electronic device can provide a password service function while maintaining the function of a common SPI flash memory, and can solve the problems of large engineering quantity, complex structure, high cost, difficult realization and the like of the existing electronic device for providing the password service.
The specific implementation method of the electronic device comprises the following steps: the security chip 10 and the common SPI flash 30 are sealed together in a SIP packaging manner, and an SPI communication interface identical to the common SPI flash 30 is provided to the outside, and includes a clock port 41 for receiving a clock signal, a data port 42 for connecting a data bus, and a chip select signal port 43 for receiving a chip select signal. The specific connection scheme of the SIP package is that a clock signal 11 of a security chip 10 and an SPI interface clock signal 31 of a flash memory are both connected with a clock port 41, a security chip data bus 12 and a flash memory data bus 32 are both connected with a data port 42, an SPI chip select signal 13 of the security chip is connected with a sealed security SPI flash chip select signal port 43, a chip select signal 33 of a common SPI flash memory 30 is connected with an output port 14 corresponding to the security chip, and the security chip 10 controls whether the SPI chip select signal 13 of the security chip is directly connected. The security chip 10 determines whether to take over the chip select signal 33 of the normal SPI flash 30 by judging the command transmitted on the SPI interface, so that both time-division multiplex the SPI interface bus. Therefore, under the condition that the SPI interface is not added with a signal wire, the original flash memory function is reserved, and a password service module is added. In the prior art, if the electronic device using the SPI flash memory needs to be safely upgraded and reformed, the common SPI flash memory is only required to be replaced by the safe SPI flash memory as the same set of identical SPI communication interfaces are shared, and the PCB and other circuits of the electronic device do not need to be changed.
The commands supported by the secure SPI flash electronic device comprise the following types:
The internal state and the switching manner of the secure SPI flash according to the present invention are shown in fig. 16, and the internal state of the secure SPI flash is switched between the disabled cryptographic service S1 and the enabled cryptographic service S2, and is set by the enabled cryptographic service command C1 and the disabled cryptographic service command C2, respectively.
The specific method for realizing the password service function of the electronic device provided by the application comprises the following steps:
The security SPI flash memory is in a state S1 by default after power-on, the security chip transmits the input chip selection signal to the common SPI flash memory chip, and operations such as reading, writing, control and the like can be executed on the SPI flash memory through the SPI interface. At this time, the security chip only monitors all data transmitted on the SPI interface, and does not send the data to the SPI interface.
When the command C1 for enabling the password service appears on the SPI interface, the security chip and the common SPI flash memory both receive the group of command data, the SPI flash memory can consider an illegal command to ignore the data, the security chip can correctly analyze the command for starting the password service, the SPI chip selection signal transparent transmission function is closed according to the command setting, the chip selection signal of the SPI flash memory is set to be in an invalid state, and the state is switched to S2 for starting the password service. At this time, the secure SPI flash may provide a cryptographic service function through the SPI interface.
When the SPI interface generates a command C2 for closing the password service, the security chip recognizes the command for closing the password service function and switches to S1 a state for prohibiting the password service, the chip selection signal transparent transmission function of the common SPI flash memory is started, the chip selection signal of the common SPI flash memory is directly connected with the chip selection input signal of the SPI interface again, at the moment, the security chip can continue the password operation and other works, but no data is sent to the SPI interface until the password service function is started again.
According to the flow, the secure SPI flash can provide a common flash function and a password service function of the secure chip through the SPI interface.
As can be seen from the above technical solution, the present application provides a secure SPI flash electronic device, comprising: a common SPI flash memory; the safety chip and the common SPI flash memory are sealed in a packaging mode; the SPI communication interface comprises a clock port, a data port and a chip selection signal port; the security chip and the common SPI flash memory respectively share a clock port and a data port; the chip selection signal port is connected with the security chip; the output end of the security chip is connected to the chip selection signal input end of the common SPI flash memory; the security chip is configured to determine whether to access the chip select signal to the normal SPI flash memory according to the input command.
Under the condition that the PCB is not changed, the conventional electronic device can realize safe upgrading by only replacing the common SPI flash memory with the safe SPI flash memory. The method has the advantages of simple and easy safe transformation, controllable cost and excellent performance of the traditional electronic device, provides powerful support for the safe transformation of the electronic device and promotes industrial development.
Example III
Referring to fig. 17, a schematic structural diagram of a security SPI interface composite electronic device according to the present application is shown;
the difference from the second embodiment is that the electronic device includes:
One or any combination of a common SPI flash memory, an SPI Wifi communication module, an SPI Bluetooth communication module, an SPI fingerprint module, an SPI touch module, an SPI real-time clock module, an SPI display control module, an SPI battery management module and an SPI A/D converter;
the security chip is sealed with one or any combination of the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter in a packaging mode;
the security chip and any one of a common SPI flash memory, an SPI interface Wifi communication module, an SPI interface Bluetooth communication module, an SPI interface fingerprint module, an SPI interface touch module, an SPI interface real-time clock module, an SPI interface display control module, an SPI interface battery management module and an SPI interface A/D converter share a clock port 41 and a data port 42;
The output end of the security chip is connected to the chip selection signal input end of any one of the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter; the security chip is configured to judge whether to access the chip selection signal to the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter according to the input command.
In this embodiment, since the security chip described in the first embodiment is adopted, the security chip and a plurality of SPI interface devices may be packaged together into the same electronic apparatus, and it should be noted that, in fig. 17, only three interface devices are illustrated as an example, and in fact, any other number of SPI interface devices 1-n may be any one of a common SPI flash memory, an SPI interface Wifi communication module, an SPI interface bluetooth communication module, an SPI interface fingerprint module, an SPI interface touch module, an SPI interface real-time clock module, an SPI interface display control module, an SPI interface battery management module, and an SPI interface a/D converter.
By adopting the electronic device, the time-sharing gating of different SPI interface devices can be completed, or the operation of switching to an empty state and the like can be performed, so that the electronic device is more suitable for various scene requirements.
The implementation method, the use flow and the effect of the electronic device in the embodiment can be referred to the description in the second embodiment, and will not be repeated here.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the invention is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
Claims (10)
1. An SPI interface security chip, the security chip comprising:
at least one SPI slave interface (100), said SPI slave interface (100) comprising an SPI chip select signal input port;
A signal gating control circuit (500) connected to any one of the SPI slave interfaces (100); the signal gating control circuit (500) is provided with one or more output ports (300);
Chip select signal gating logic (400), coupled to the signal gating control circuit (500), configured to control the signal gating control circuit (500) to time-gate to a corresponding output port (300) or to be empty according to an instruction input from the interface (100) by the SPI or a preset instruction;
a cryptographic service function (600) configured to provide cryptographic services externally from the interface (100) through the SPI;
The SPI slave interface is responsible for communication between the SPI master device and the SPI slave device, the SPI chip selection signal input port is used for inputting an SPI chip selection input signal, and the SPI chip selection signal input port is connected with the chip selection signal output port (300) so as to enable the SPI master device to establish communication with the SPI slave device connected with the chip selection signal output port (300); the SPI slave device shares a clock signal and a data signal line with the security chip.
2. The security chip of claim 1, wherein the SPI slave interface (100) supports any one or more combinations of 1/2/4/8 data lines.
3. The secure chip of claim 1, wherein the SPI slave interface (100) supports at least one of clock rising edge sampling and falling edge sampling.
4. The security chip of claim 1, wherein the security chip further comprises:
-an auxiliary communication interface (200), the auxiliary communication interface (200) being at least one of usb, uart, iic, gpio, 7816, SWP, 1Wire, configured to provide data exchange functionality for the security chip.
5. The security chip of claim 1, wherein the security chip further comprises:
an auxiliary function port (700) is configured to provide power, ground, clock services.
6. The secure chip of claim 1, wherein the cryptographic service function module (600) comprises:
One or more of a CPU, an algorithm coprocessor, an internal memory, a guard sensor, a noise source, a power management module, a clock generation circuit, and a power-on reset circuit.
7. A secure SPI flash electronic device, the electronic device comprising:
A normal SPI flash memory (30);
The security chip (10) of any of claims 1 to 6, the security chip (10) being encapsulated with the normal SPI flash (30) in a packaging manner;
An SPI communication interface comprising a clock port (41), a data port (42) and a chip select signal port (43); the security chip (10) and the common SPI flash memory (30) share a clock port (41) and a data port (42) respectively; the chip selection signal port (43) is connected with a chip selection signal input port of the security chip (10);
The output end of the security chip (10) is connected to the chip selection signal input end of the common SPI flash memory (30); the security chip (10) is configured to determine whether to access a chip select signal to the normal SPI flash memory (30) according to an input command.
8. The electronic device according to claim 7, wherein the storage medium of the normal SPI flash (30) is Norflash or Nandflash.
9. A secure SPI interface composite electronic device, the electronic device comprising:
One or any combination of a common SPI flash memory, an SPI Wifi communication module, an SPI Bluetooth communication module, an SPI fingerprint module, an SPI touch module, an SPI real-time clock module, an SPI display control module, an SPI battery management module and an SPI A/D converter;
The security chip of any one of claims 1 to 6, wherein the security chip is sealed with one or any combination of the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module, and the SPI interface a/D converter in a packaging manner;
An SPI communication interface comprising a clock port (41), a data port (42) and a chip select signal port (43); the security chip and any one of a common SPI flash memory, an SPI interface Wifi communication module, an SPI interface Bluetooth communication module, an SPI interface fingerprint module, an SPI interface touch module, an SPI interface real-time clock module, an SPI interface display control module, an SPI interface battery management module and an SPI interface A/D converter share a clock port (41) and a data port (42); the chip selection signal port (43) is connected with a chip selection signal input port of the security chip;
The chip selection signal output port (300) of the security chip is connected to the chip selection signal input end of any one of the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter; the security chip is configured to judge whether to access the chip selection signal to the common SPI flash memory, the SPI interface Wifi communication module, the SPI interface Bluetooth communication module, the SPI interface fingerprint module, the SPI interface touch module, the SPI interface real-time clock module, the SPI interface display control module, the SPI interface battery management module and the SPI interface A/D converter according to the input command.
10. The electronic device of claim 9, wherein the storage medium of the normal SPI flash is Norflash or Nandflash.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110244211.XA CN112965926B (en) | 2021-03-05 | 2021-03-05 | SPI interface safety chip and SPI interface electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110244211.XA CN112965926B (en) | 2021-03-05 | 2021-03-05 | SPI interface safety chip and SPI interface electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112965926A CN112965926A (en) | 2021-06-15 |
CN112965926B true CN112965926B (en) | 2024-04-30 |
Family
ID=76276752
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110244211.XA Active CN112965926B (en) | 2021-03-05 | 2021-03-05 | SPI interface safety chip and SPI interface electronic device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112965926B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113312297A (en) * | 2021-06-22 | 2021-08-27 | 张玉禄 | SPI follows interface, security chip and SPI flash memory electron device |
CN113534995B (en) * | 2021-06-24 | 2023-02-28 | 合肥松豪电子科技有限公司 | TDDI chip shared by SPI interfaces |
CN117171076A (en) * | 2022-05-26 | 2023-12-05 | 华为技术有限公司 | SPI communication error-identification-prevention method and device, electronic equipment and storage medium |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007011453A (en) * | 2005-06-28 | 2007-01-18 | Pmr Inc | Postal matter information management system and postal matter information management method |
CN2864830Y (en) * | 2005-12-23 | 2007-01-31 | 航天信息股份有限公司 | False proof tax controlled chip |
JP2008217116A (en) * | 2007-02-28 | 2008-09-18 | Pioneer Electronic Corp | Electronic conference system |
WO2009051952A2 (en) * | 2007-10-17 | 2009-04-23 | Micron Technology, Inc. | System and method for setting access and modification for synchronous serial interface nand |
CN101981885A (en) * | 2008-03-25 | 2011-02-23 | 上海贝尔股份有限公司 | Methods and entities using IPSEC ESP to support security functionality for UDP-based OMA enablers |
CN102136082A (en) * | 2010-12-29 | 2011-07-27 | 上海爱信诺航芯电子科技有限公司 | High-speed and low-power-consumption SD (Secure Digital) card |
CN103500154A (en) * | 2013-09-11 | 2014-01-08 | 深圳市摩西尔电子有限公司 | Serial bus interface chip, serial bus transmission system and method |
CN106326966A (en) * | 2016-08-09 | 2017-01-11 | 武汉天喻信息产业股份有限公司 | Safety certification method based on multiple chip cards |
WO2017148221A1 (en) * | 2016-03-01 | 2017-09-08 | 中兴通讯股份有限公司 | Transmission control method, apparatus and system for serial peripheral interface |
CN208675215U (en) * | 2018-10-16 | 2019-03-29 | 安智技术服务(深圳)有限公司 | Secure communication module |
CN111488305A (en) * | 2020-03-27 | 2020-08-04 | 郑州信大捷安信息技术股份有限公司 | Method and system for realizing rapid communication of security chip |
CN111832090A (en) * | 2020-07-24 | 2020-10-27 | 张玉禄 | Safety electronic device based on multichannel SPI program read-write interface |
CN111881488A (en) * | 2020-08-03 | 2020-11-03 | 浙江大学 | Hardware encryption system and method for unmanned aerial vehicle flight control system |
CN111917967A (en) * | 2019-05-07 | 2020-11-10 | 杭州眼云智家科技有限公司 | Door monitoring system and control method thereof |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070235539A1 (en) * | 2006-04-05 | 2007-10-11 | Jarkko Sevanto | Mobile device with near field communication module and secure chip |
US20090144456A1 (en) * | 2007-11-30 | 2009-06-04 | Alexander David Gelf | Interface Device for Securely Extending Computer Functionality |
-
2021
- 2021-03-05 CN CN202110244211.XA patent/CN112965926B/en active Active
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007011453A (en) * | 2005-06-28 | 2007-01-18 | Pmr Inc | Postal matter information management system and postal matter information management method |
CN2864830Y (en) * | 2005-12-23 | 2007-01-31 | 航天信息股份有限公司 | False proof tax controlled chip |
JP2008217116A (en) * | 2007-02-28 | 2008-09-18 | Pioneer Electronic Corp | Electronic conference system |
WO2009051952A2 (en) * | 2007-10-17 | 2009-04-23 | Micron Technology, Inc. | System and method for setting access and modification for synchronous serial interface nand |
CN101981885A (en) * | 2008-03-25 | 2011-02-23 | 上海贝尔股份有限公司 | Methods and entities using IPSEC ESP to support security functionality for UDP-based OMA enablers |
CN102136082A (en) * | 2010-12-29 | 2011-07-27 | 上海爱信诺航芯电子科技有限公司 | High-speed and low-power-consumption SD (Secure Digital) card |
CN103500154A (en) * | 2013-09-11 | 2014-01-08 | 深圳市摩西尔电子有限公司 | Serial bus interface chip, serial bus transmission system and method |
WO2017148221A1 (en) * | 2016-03-01 | 2017-09-08 | 中兴通讯股份有限公司 | Transmission control method, apparatus and system for serial peripheral interface |
CN106326966A (en) * | 2016-08-09 | 2017-01-11 | 武汉天喻信息产业股份有限公司 | Safety certification method based on multiple chip cards |
CN208675215U (en) * | 2018-10-16 | 2019-03-29 | 安智技术服务(深圳)有限公司 | Secure communication module |
CN111917967A (en) * | 2019-05-07 | 2020-11-10 | 杭州眼云智家科技有限公司 | Door monitoring system and control method thereof |
CN111488305A (en) * | 2020-03-27 | 2020-08-04 | 郑州信大捷安信息技术股份有限公司 | Method and system for realizing rapid communication of security chip |
CN111832090A (en) * | 2020-07-24 | 2020-10-27 | 张玉禄 | Safety electronic device based on multichannel SPI program read-write interface |
CN111881488A (en) * | 2020-08-03 | 2020-11-03 | 浙江大学 | Hardware encryption system and method for unmanned aerial vehicle flight control system |
Non-Patent Citations (1)
Title |
---|
一种3线制半双工SPI接口设计;汪永琳;丁一;;半导体技术(05);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN112965926A (en) | 2021-06-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112965926B (en) | SPI interface safety chip and SPI interface electronic device | |
US7725638B2 (en) | Application processor circuit incorporating both SD host and slave functions and electronic device including same | |
KR101725536B1 (en) | Device, method and system for operation of a low power phy with a pcie protocol stack | |
US6931470B2 (en) | Dual access serial peripheral interface | |
CN112540951A (en) | Special main control chip suitable for electric power system control protection device | |
CN113065172A (en) | Method for sharing spi interface bus by multiple devices | |
CN104956347A (en) | Leveraging an enumeration and/or configuration mechanism of one interconnect protocol for a different interconnect protocol | |
US20070067539A1 (en) | Enhanced CCID circuits and systems utilizing USB and PCI functions | |
CN102637453B (en) | Phase change memory including serial input/output interface | |
CN104834620A (en) | SPI (serial peripheral interface) bus circuit, realization method and electronic equipment | |
CN101369948B (en) | Communication system implementing low-power consumption | |
JPH0689245A (en) | Circuit of communication and emulation | |
WO2014023247A1 (en) | Embedded device and method for control data communication based on the device | |
JP2024508592A (en) | USB interface multiplexing method, circuit, electronic equipment and storage medium | |
CN110750490A (en) | Programmable edge computing chip module and data processing method | |
CN102445981B (en) | Data transmission system and data transmission method | |
CN112116054A (en) | Multi-chip integrated card | |
WO2011012558A1 (en) | Transaction terminator | |
US7281246B1 (en) | Method for loading user interface software | |
CN113312297A (en) | SPI follows interface, security chip and SPI flash memory electron device | |
KR20140065074A (en) | Mobile device and usb hub | |
CN113612769B (en) | Data safety type connector | |
CN103530256B (en) | The process device and method of CPCIe and PCI protocol data | |
CN213122983U (en) | System on chip realized based on FPGA | |
US8751719B2 (en) | Device and method for enhancing flexibility of interface between 3G communication module and application processor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |